IT Security News Blast 4-28-2017

Overall, the report found that cyber attackers revealed new levels of ambition in 2016, “a year marked by extraordinary attacks, including multi-million dollar virtual bank heists, overt attempts to disrupt the US electoral process by state-sponsored groups, and some of the biggest distributed denial of service (DDoS) attacks on record powered by a botnet of Internet of Things (IoT) devices.”

Ransomware is rapidly on the rise and four industry sectors are taking the largest hit, accounting for 77% of the action, according to NTT Security’s 2017 Global Threat Intelligence Report released today. The business and professional services sector accounted for 28% of the ransomware attacks, followed by government at 19%, and healthcare and the retail sectors both coming in at 15%, the report noted.

No matter how smart a machine learning algorithm is, it has a narrow focus and learns from a specific data set. By contrast, attackers possess so-called general intelligence and are able to think outside of the box. They can learn from context and benefit from inspiration, which no machine or algorithm can predict. Take self-driving cars as an example. These smart machines learn how to drive in an environment with road signs and pre-set rules. But what if someone covers all the signs or manipulates them?

Data that Verizon collected from security incidents and data breaches that it investigated in 2016 showed, for instance, that financial and insurance companies suffered about six times as many breaches (364) from web application attacks as organizations in the information services sector (61). Similarly, Verizon’s dataset showed healthcare organizations suffered about 13 times as many breaches involving privilege misuse in 2016 compared to manufacturing companies—104 breaches to 8.

“We will refrain from providing additional commentary now or in the Q&A,” Chipotle’s Chief Financial Officer (CFO) John Hartung told Wall Street analysts during a Tuesday earnings conference call. “We anticipate notifying any affected customers as we get further clarity about the time frames and the restaurant locations that might have been affected.” Researchers say that failure to accept EMV chip cards makes retailers a bigger target as attackers become more sophisticated.

On Wednesday, large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian government-controlled telecom under unexplained circumstances that renew lingering questions about the trust and reliability of some of the most sensitive Internet communications. […] “This would appear to be targeted to financial institutions. A typical cause of these errors [is] in some sort of internal traffic engineering, but it would seem strange that someone would limit their traffic engineering to mostly financial networks.”
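The incident above is a route leak or hijack: another network announced paths for prefixes it does not hold, and part of the Internet preferred them. The defender's check is to watch what the routing system says about your own prefixes and alert when the origin AS changes or a more-specific prefix appears. The following is an added example, not code from the article or from any of the networks it names; the prefixes (documentation ranges), the AS numbers and the announcements are all constructed, and the origin AS is taken as the rightmost ASN in the path (AS_SETs are not modelled).

```python
"""Route-origin monitoring for a set of prefixes you are responsible for.

Added example. Input is a list of (prefix, AS path) announcements such as a
route collector or a BGP monitoring feed would deliver; output is a list of
findings for anything that contradicts the expected origin.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# A finding is (kind, announced prefix, observed origin ASN).
Finding = Tuple[str, str, int]

# Constructed: the prefixes we monitor and the ASN that should originate each.
EXPECTED_ORIGINS: Dict[str, int] = {
    "203.0.113.0/24": 64500,   # hypothetical bank, documentation range
    "198.51.100.0/24": 64501,  # hypothetical card network, documentation range
}

# Constructed sample announcements: (prefix, AS path as seen by a collector).
SAMPLE_ANNOUNCEMENTS: List[Tuple[str, List[int]]] = [
    ("203.0.113.0/24", [64510, 64500]),          # expected origin, fine
    ("198.51.100.0/24", [64510, 64501]),         # expected origin, fine
    ("203.0.113.0/25", [64510, 64599]),          # more-specific from a foreign ASN
    ("198.51.100.0/24", [64510, 64599]),         # same prefix, wrong origin
    ("192.0.2.0/24", [64510, 64530]),            # not ours, ignored
]


def origin_as(as_path: List[int]) -> int:
    """The origin is the rightmost ASN in the path (AS_SETs not modelled)."""
    return as_path[-1]


def check_announcement(prefix: str, as_path: List[int],
                       expected: Dict[str, int]) -> Optional[Finding]:
    """Return a finding for this announcement, or None if it is unremarkable."""
    net = ipaddress.ip_network(prefix, strict=True)
    origin = origin_as(as_path)
    for monitored, owner in expected.items():
        mon = ipaddress.ip_network(monitored)
        if net.version != mon.version:
            continue
        if net == mon:
            # Exact prefix: only the registered holder may originate it.
            if origin != owner:
                return ("origin-mismatch", prefix, origin)
            return None
        if net.subnet_of(mon):
            # A more-specific wins longest-prefix match everywhere it is heard,
            # so it is worth an alert even if the origin looks legitimate.
            return ("more-specific", prefix, origin)
    return None  # prefix we do not monitor


def audit(announcements: List[Tuple[str, List[int]]],
          expected: Dict[str, int]) -> List[Finding]:
    """Run every announcement through check_announcement and collect alerts."""
    alerts: List[Finding] = []
    for prefix, path in announcements:
        finding = check_announcement(prefix, path, expected)
        if finding is not None:
            alerts.append(finding)
    return alerts


if __name__ == "__main__":
    for kind, prefix, origin in audit(SAMPLE_ANNOUNCEMENTS, EXPECTED_ORIGINS):
        print(f"ALERT {kind}: {prefix} originated by AS{origin}")
```

In production the announcements would come from a public route collector or a commercial BGP monitoring feed rather than a constructed list, and publishing RPKI ROAs expresses the same "expected origin" so that other networks can drop the bad routes themselves; the local check is what tells you it happened.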

Why businesses have the wrong cybersecurity mindset, and how they can fix it

“Building an impenetrable defense is no longer practical and the mentality of preventing all breaches is outdated,” Seth Robinson, senior director of technology analysis for CompTIA, said in a press release. “But a new, proactive approach combining technologies, procedures and education can help find problem areas before attackers discover them.”

A cybersecurity firm in the United States believes state-sponsored Chinese hackers were trying to infiltrate an organization with connections to a US-built missile system in South Korea that Beijing firmly opposes. “China uses cyber espionage pretty regularly when Chinese interests are at stake to better understand facts on the ground,” John Hultquist, the director of cyber espionage analysis at FireEye, told CNN’s News Stream. “We have evidence that they targeted at least one party that has been associated with the missile placements.”

Today is the tenth anniversary of the world’s first major coordinated “cyber attack” on a nation’s internet infrastructure. This little-known event set the scene for the onrush of cyber espionage, fake news and information wars we know today. In 2007, operators took advantage of political unrest to unleash a series of cyber measures on Estonia, as a possible form of retribution for symbolically rejecting a Soviet version of history. It was a new, coordinated approach that had never been seen before.

[The] Defendants in this case subjected Ms. Tantaros to illegal electronic surveillance and computer hacking, and used that information (including, on information and belief, privileged attorney-client communications) to intimidate, terrorize, and crush her career through an endless stream of lewd, offensive, and career-damaging social media posts, blog entries and commentary, and high-profile “fake” media sites which Fox News (or its social influence contractors) owned or controlled.

Penned by Facebook chief security officer Alex Stamos and security colleagues Jen Weedon and William Nuland, “Information Operations and Facebook” [PDF] describes an expansion of the company’s security focus from “traditional abusive behavior, such as account hacking, malware, spam and financial scams, to include more subtle and insidious forms of misuse, including attempts to manipulate civic discourse and deceive people.”

A simple piece of bloatware used to serve as a virtual on-screen display has been found to have severe flaws. The worst part: it shipped on millions of PCs and laptops, including Fujitsu devices, HP devices and some Philips devices. You might have known this bloatware as “HP Display Assistant, HP Display Control, HP My Display, or HP Mobile Display Assistant, Fujitsu DisplayView Click, and Philips SmartControl.” If you ever used one of these, there’s a good chance that you could be one of the affected victims.

The steadily spreading Hajime IoT worm fights the Mirai botnet for control of easy-to-hack IoT products. The malware is billed as a vigilante-style internet clean-up operation but it might easily be abused as a resource for cyber-attacks, hence a growing concern among security watchers. […] The resiliency of Hajime surpasses Mirai, security researchers say. Features such as a peer-to-peer rather than centralised control network and hidden processes make it harder to interfere with the operation of Hajime (meaning “beginning” in Japanese) than comparable botnets.

To a large degree, that’s happening already, she said, pointing to the Department of Defense’s Hack the Pentagon, Army and Air Force bug bounty programs as examples of hackers playing a bigger role in hardening defenses. She also said programs such as the Federal Trade Commission’s competition that solicited security solutions for connected devices and DARPA’s Cyber Grand Challenge represent a general recognition by lawmakers and boards of directors that awareness of threats and solutions is a mandate.

If you get a friend request or message on Facebook from a high-ranking military official, it’s probably fake. […] She said impostors are being bold and targeting high-ranking officials. Some of the impostors are looking for fame, or maybe trying to trick someone into romance, but most want to scam you out of your money. “What they end up doing is trying to use that trust relationship to develop relationships with people and maybe send money, for example,” said Dunkerley.

“We found that the latest Shamoon campaigns… are connected to other notable campaigns, and the increase in sophistication suggests investment, collaboration and coordination beyond that of a single hacker group,” McAfee explains in a blog post co-authored by Raj Samani, chief scientist, and Christiaan Beek, lead scientist and principal engineer. Rather, the campaign appears more in line with “the comprehensive operation of a nation-state,” the report continues.

The hackers spreading ransomware are getting greedier. In 2016, the average ransom demand to free computers hit with the infection rose to US$1,077, up from $294 the year before, according to security firm Symantec. “Attackers clearly think that there’s more to be squeezed from victims,” Symantec said in a Wednesday report. In addition, the security firm has been detecting more ransomware infection attempts. In 2016, the figure jumped by 36 percent from the year prior.

Each year, a few hackers do something truly new. But for the most part, hackers repeat the tried and true. It doesn’t take a supergenius to check for missing patches or craft a social engineering attack. Hacking by and large is tradework: Once you learn a few tricks and tools, the rest becomes routine. The truly inspired work is that of security defenders, those who successfully hack the hackers. Following are some of the most clever tricks in use today by computer security defenders in foiling hackers.

When it comes to hacking, phishing is one of the oldest tricks in the book. According to IBM security research, some 30 percent of phishing e-mails are opened by targeted recipients. Additionally, the attacks are becoming more advanced and harder to detect at first glance. A new machine-learning-based security solution could help businesses detect phishing sites up to 250 percent faster than other methods.


About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.